CVE-2021-29481

{"id": "CVE-2021-29481", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-06-29T19:15:09.437", "references": [{"url": "https://github.com/ratpack/ratpack/pull/1590", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-phj8-4cq3-794g", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation."}, {"lang": "es", "value": "Ratpack es un kit de herramientas para crear aplicaciones web. En las versiones anteriores a 1.9.0, la configuraci\u00f3n por defecto de las sesiones del lado del cliente resulta en datos no encriptados, pero firmados, que han sido establecidos como valores de cookies. Esto significa que si se introduce algo confidencial en la sesi\u00f3n, podr\u00eda ser le\u00eddo por alguien con acceso a las cookies. Para que esto sea una vulnerabilidad, alg\u00fan tipo de dato confidencial tendr\u00eda que ser almacenado en la sesi\u00f3n y la cookie de sesi\u00f3n tendr\u00eda que filtrarse. Por ejemplo, las cookies no est\u00e1n configuradas con httpOnly y una vulnerabilidad de tipo XSS adyacente dentro del sitio permiti\u00f3 la captura de las cookies. A partir de la versi\u00f3n 1.9.0, se usa una clave de firma generada aleatoriamente de forma segura. Como soluci\u00f3n, se puede proporcionar una clave de cifrado, seg\u00fan la recomendaci\u00f3n de la documentaci\u00f3n"}], "lastModified": "2021-07-07T16:44:24.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ratpack_project:ratpack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E972830A-9822-4DD9-BB64-9CC2B69018D5", "versionEndExcluding": "1.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}